Open
Description
As per the README, "The dockerSsh option will mount your $HOME/.ssh/id_rsa and $HOME/.ssh/known_hosts as a volume in the docker container".
However, also other paths and key formats are used for SSH keys (e.g. specific SSH keys for specific sites, ecdsa or ed25510, etc.).
If no RSA SSH key is present, I get the following error:
Serverless: Using download cache directory /home/jack/.cache/serverless-python-requirements/downloadCacheslspyc
Serverless: Running docker run --rm -v /home/jack/.cache/serverless-python-requirements/413378d9b4915169d34e398a2e96757e42a01b4a91c532d04d36d297c6041eb2_slspyc\:/var/task\:z -v /home/jack/.ssh/id_rsa\:/root/.ssh/id_rsa\:z -v /home/jack/.ssh/known_hosts\:/root/.ssh/known_hosts\:z -v /tmp/ssh-4OmyoDvmZaPi/agent.1416\:/tmp/ssh_sock\:z -e SSH_AUTH_SOCK\=/tmp/ssh_sock -v /home/jack/.cache/serverless-python-requirements/downloadCacheslspyc\:/var/useDownloadCache\:z lambci/lambda\:build-python3.6 /bin/sh -c 'chown -R 0\\:0 /var/useDownloadCache && python3.6 -m pip install -t /var/task/ -r /var/task/requirements.txt --cache-dir /var/useDownloadCache && chown -R 1000\\:1000 /var/task && chown -R 1000\\:1000 /var/useDownloadCache && find /var/task -name \\*.so -exec strip \\{\\} \\;'...
Error --------------------------------------------------
Error: STDOUT: Obtaining repo from ssh@example.com/repo.git@v0.0.3 (from -r /var/task/requirements.txt (line 1))
Cloning ssh@example.com:repo.git (to revision v0.0.3) to ./src/repo
Running command git clone -q ssh@example.com:repo.git /var/task/src/repo
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0755 for '/root/.ssh/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/root/.ssh/id_rsa": bad permissions
Permission denied (publickey).
fatal: Could not read from remote repository.
Even if no RSA key is present, the plugin still tries to mount ~/.ssh/id_rsa into the container.
Docker then subsequently creates this path (as a directory), but with standard permissions (hence the above error message).
In the end, the SSH private key (which is in ~/.ssh/id_ed25519) is not present in the container, thus the "permission denied" error for the private repository occurs.